It seems like everyone has a story about seeing ads for an oddly specific product after having a conversation about it near their phones.

At a recent dinner with friends, for example, the subject of Botox injections came up. It’s a procedure I’ve never personally been interested in and, therefore, have never searched Botox online or clicked an ad for it. And yet, while scrolling through Facebook on the ride home from that dinner, there it was: an ad for Botox.

Could it be that my phone was listening in on our conversation?

Facebook has stated that its phone app doesn’t listen to users in order to serve them ads; the ad-targeting algorithm is just that good (apparently, the algorithm also believes my crow’s feet could use some attention). However, the company recently admitted that human workers had been reviewing and transcribing a small portion of user audio recordings in Facebook Messenger, a practice it says it has since ended.

Facebook isn’t the only company that’s been listening in, either. And, according to a recent tweet that’s picked up traction, some people suspect the Safari iPhone browser might be, too.

The Twitter user wrote that after having a phone conversation about bedbugs, his iPhone began serving ads for bedbug removal services. The logical conclusion? Safari was listening. As “proof” of Apple’s nefarious intentions, he posted screenshots showing that the “Camera & Microphone Access” toggle for Safari is tucked away in privacy settings separate from where you allow all other apps access. So what’s the truth?

Does iPhone’s Safari Listen To You?

According to Zohar Pinhasi, a cybersecurity expert and founder and CEO of MonsterCloud, there are a number of reasons why Safari would need access to your microphone and camera.

“In recent iOS updates, Safari will have access to both your mic and camera by default; you must manually change the setting in order to rescind access,” Pinhasi said, noting that this is an issue in and of itself, as most people probably don’t even realize Safari has access.

He explained that the setting basically exists to make general web browsing easier and more hassle-free. For example, you might be using a website that requires you to upload a photo of yourself. Some web-based video conferencing tools also have a natural need to access your microphone and camera if, say, you don’t have the service’s app installed and are using the service via mobile browser. The point is that it’s not necessarily sinister for Safari to need access to your mic and camera.

That said, Pinhasi believes it’s still a privacy and security issue ― not because Safari wants access to your mic and camera but because it’s getting access by default whether or not the user knows it. This, he said, is intentional on Apple’s part.

“Product designers design an experience like this for one of two reasons: They think it’ll make the experience easier and more convenient for the user, or they are banking on the fact that most people will simply accept the settings as they are and not opt out,” Pinhasi said. “I have no way of knowing which reason Apple has. If I had to guess, it’s probably a bit of both.”

Does Apple Ever Record Your Conversations?

Apple has long been an advocate of protecting technology users’ privacy and security. Even so, it recently admitted that third-party contractors can and do listen to your interactions with Siri. Apple claims this is for optimization purposes. The problem is that Siri is accidentally triggered often and has recorded private exchanges, such as doctor’s appointments and addresses, as a result. There are likely a whole lot of users who would be embarrassed to learn that certain conversations were overheard by strangers.

In addition to Apple’s Siri, it’s been discovered that recordings by similar voice-activated virtual assistants are also reviewed by human workers. Amazon’s Alexa, for instance, records audio when it’s triggered by the wake word. Some of those recordings get transcribed and annotated by Amazon employees for the purpose of improving Alexa’s understanding of human speech patterns. The same is true of Google Home.

The truth is that any equipment that has the capability of recording audio and video has the ability to record it even when you don’t engage it in doing so, according to Theresa Payton, former White House chief information officer and current chief executive of the security consulting company Fortalice Solutions.

Even if the company itself has completely benign reasons for accessing your camera and microphone, these devices can still betray you. One reason, she said, is because you could end up with malware on your device that allows somebody to remotely activate audio and video recording.

Another issue is the flaws in the technology. “We know that in today’s environment, the development lifecycle is so fast to be first to market with features and functionality that glitches happen,” Payton said. Sometimes these malfunctions lead to accidental recordings.

“You should assume that either through a glitch, or malware or by design, you will be listened to. You could have your picture taken. You could have your video taken,” Payton said.

Getting Off The Grid

So what can you do to protect your privacy from prying ears and eyes?

Payton said that one thing you can do is look up how to access the recordings on file for each of the devices you use and request that they be removed. Amazon, for example, allows you to access your Alexa recordings and delete them, as well as opt out of having recordings reviewed (though Amazon will still retain some types of data). “Where you don’t see those remedies, you need to file a user support complaint and say, ‘I couldn’t find this, and this is important to me,’” she said.

Even though Facebook says it no longer listens to user recordings, the company doesn’t exactly have a strong history of integrity, so you might want to ensure your messages aren’t recorded. There are a few things you can do. Start by turning off the voice-to-text feature, which is how the app gained access to recordings in the first place. You can also revoke the app’s access to your microphone and camera: On the iPhone, go to Settings, scroll down and select Facebook and switch off access. For Android, visit Settings > Apps and notifications > Facebook > Permissions > Microphone and select “Deny.” Facebook also has a “secret conversation” option that uses end-to-end encryption, making it impossible to transcribe voice messages.

Going forward, you need to be cautious about what devices are nearby when sharing sensitive information and remove them if necessary. The only way to really create off-grid conversations is to have them away from any devices with recording capabilities ― smartphones included.

Bottom Line: Don’t Trust Your Phone

“Consumers need to understand that data is now a commodity,” Pinhasi said. It doesn’t really matter whether a company is acquiring that data to better its products and services, or to aggregate, package and sell it to marketers. “You need to operate under the assumption that someone is always watching what you do.”

Though you can revoke access to your camera and mic, as well as opt out of having your audio recordings shared in many cases, the truth is that there’s always something or someone listening these days. And unless you have insider knowledge as to the inner workings of these companies, there’s no way to know with 100% certainty what the true purpose is.

So the next time you want to have a private conversation, it’s probably a good idea to leave your smart devices in another room so they can’t hear you.